CVE-2010-4257 - Vulnerability Details - OpenCVE

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
http://codex.wordpress.org/Version_3.0.2
http://core.trac.wordpress.org/changeset/16625
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html
http://secunia.com/advisories/42431
http://secunia.com/advisories/42753
http://secunia.com/advisories/42844
http://secunia.com/advisories/42871
http://wordpress.org/news/2010/11/wordpress-3-0-2/
http://www.debian.org/security/2010/dsa-2138
http://www.securityfocus.com/bid/45131
http://www.vupen.com/english/advisories/2010/3337
http://www.vupen.com/english/advisories/2011/0042
http://www.vupen.com/english/advisories/2011/0057
http://www.xakep.ru/magazine/xa/124/052/1.asp
https://bugzilla.redhat.com/show_bug.cgi?id=659265

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-12-07T01:00:00

Updated: 2024-08-07T03:34:37.946Z

Reserved: 2010-11-16T00:00:00

Link: CVE-2010-4257

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-12-07T13:53:29.240

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4257

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-11T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "42844", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42844"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/news/2010/11/wordpress-3-0-2/"}, {"name": "DSA-2138", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2138"}, {"name": "FEDORA-2010-19329", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"}, {"name": "42753", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42753"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"}, {"name": "FEDORA-2010-19290", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"}, {"name": "42871", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42871"}, {"name": "ADV-2010-3337", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3337"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://core.trac.wordpress.org/changeset/16625"}, {"tags": ["x_refsource_MISC"], "url": "http://www.xakep.ru/magazine/xa/124/052/1.asp"}, {"name": "45131", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45131"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659265"}, {"name": "FEDORA-2010-19296", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"}, {"name": "FEDORA-2010-19330", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"}, {"name": "42431", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42431"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://codex.wordpress.org/Version_3.0.2"}, {"name": "ADV-2011-0042", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0042"}, {"name": "ADV-2011-0057", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0057"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.946Z"}, "title": "CVE Program Container", "references": [{"name": "42844", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42844"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wordpress.org/news/2010/11/wordpress-3-0-2/"}, {"name": "DSA-2138", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2138"}, {"name": "FEDORA-2010-19329", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"}, {"name": "42753", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42753"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"}, {"name": "FEDORA-2010-19290", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"}, {"name": "42871", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42871"}, {"name": "ADV-2010-3337", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3337"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://core.trac.wordpress.org/changeset/16625"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.xakep.ru/magazine/xa/124/052/1.asp"}, {"name": "45131", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45131"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659265"}, {"name": "FEDORA-2010-19296", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"}, {"name": "FEDORA-2010-19330", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"}, {"name": "42431", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42431"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://codex.wordpress.org/Version_3.0.2"}, {"name": "ADV-2011-0042", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0042"}, {"name": "ADV-2011-0057", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0057"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4257", "datePublished": "2010-12-07T01:00:00", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "741C9E7A-B3B3-4B7B-A588-B75302C71694", "versionEndIncluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n do_trackbacks en wp-includes/comment.php de WordPress anterior a v3.0.2 permite a los usuarios remotos autenticados ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s del campo Send Trackbacks."}], "id": "CVE-2010-4257", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-07T13:53:29.240", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://codex.wordpress.org/Version_3.0.2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://core.trac.wordpress.org/changeset/16625"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42431"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42753"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42844"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42871"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://wordpress.org/news/2010/11/wordpress-3-0-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2138"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45131"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3337"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0042"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0057"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://www.xakep.ru/magazine/xa/124/052/1.asp"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://codex.wordpress.org/Version_3.0.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://core.trac.wordpress.org/changeset/16625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://wordpress.org/news/2010/11/wordpress-3-0-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.xakep.ru/magazine/xa/124/052/1.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659265"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}